Roger Moser wrote:
I wrote:
Most probably all Yahoo mail that went through a mailing list has an
invalid Yahoo DK signature. So what is the use of checking the signature?
Theo answered:
Not all mail... Only mailing lists that change the message cause this
problem -- like this list.
Therefore I wrote "Most probably all" instead of "all".
And I would say "definitively not all". Perhaps you mean "many" or
"most". The probability of "all" failing is zero as I know of at least
one that has not. I get what you are trying to say: There is a
certainly likelihood, that you suppose is quite high, that a given
mesasge will have its DK signature invalidated as it resent from a
mailing list owner -- I won't disagree with this except that our
definitions of "quite high" are likely different.
The "hostile" mailing list has two options:
o add a Sender (as this list and most lists do) that will change the
responsible party for the email. This means the message will appear
unsigned and no CPU work will be done (unless the list also added its
own DK signature)
o strip the signature out. However, as the list is being hostile, if
the responsible domain insists that all mail is signed, then the mail
will fail. And that isn't a bad thing. The domain owner said that all
mail with a responsible party matching that domain should have a valid
signature and that if you notice someone change the message without
taking responsibility (adding Sender), then the domain owner simply
doesn't approve.
Forwarders modify the message? If they do, they should certainly claim
responsibility over the return path.
DomainKeys has nothing to do with the return-path.
Along with the return path, they should change the Sender: just as
mailing lists should if they choose the be hostile to messages.
--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on Earth